Expose port 80 on Digital Ocean's managed Kubernetes without a load balancer

时间:2019-01-09 22:35:10

标签: kubernetes digital-ocean

I would like to expose my Kubernetes Managed Digital Ocean (single node) cluster's service on port 80 without the use of Digital Ocean's load balancer. Is this possible? How would I do this?

This is essentially a hobby project (I am beginning with Kubernetes) and just want to keep the cost very low.

Thank you in advanced! -Joe

2 个答案:

答案 0 :(得分:5)

您可以部署配置为使用主机网络和端口80/443的Ingress。

    默认情况下,集群的
  1. DO的防火墙没有打开80/443入站。通过https://cloud.digitalocean.com/networking/firewalls

  2. 打开它们
  3. 使用主机网络创建nginx ingress。我已经在下面添加了helm chart配置,但是您也可以通过直接安装过程来实现。

$ helm install stable/nginx-ingress --name=myingress -f myingress.values.yml

myingress.values.yml(用于图表)

---
controller:
  kind: DaemonSet
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  daemonset:
    useHostPort: true
  service:
    type: ClusterIP
rbac:
  create: true
  1. 您应该能够通过任何辅助节点IP分别在:80和:443上访问群集,它将流量路由到您的入口。

  2. 由于节点IP可以更改,因此请考虑部署external-dns来管理指向您的工作节点的DNS条目。再次使用舵图并假设您的DNS域由DigitalOcean托管(尽管任何受支持的DNS提供商都可以使用):

$ helm install --name=mydns -f mydns.values.yml stable/external-dns

mydns.values.yml(用于图表)

---
provider: digitalocean
digitalocean:
  # create the API token at https://cloud.digitalocean.com/account/api/tokens
  # needs read + write
  apiToken: "DIGITALOCEAN_API_TOKEN"
domainFilters:
  # domains you want external-dns to be able to edit
  - example.com
rbac:
  create: true
  1. 创建Kubernetes Ingress resource,以将请求路由到现有的Kubernetes服务:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: testing123-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: testing123.example.com             # the domain you want associated
      http:
        paths:
          - path: /
            backend:
              serviceName: testing123-service  # existing service
              servicePort: 8000                # existing service port
  1. 大约一分钟后,您应该会看到DNS记录出现并且可以解决:
$ dig testing123.example.com             # should return worker IP address
$ curl -v http://testing123.example.com  # should send the request through the Ingress to your backend service

答案 1 :(得分:0)

NodePort Service可以做您想要的事情。像这样:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    nodePort: 80
    targetPort: 80

这会将进入的流量从节点的端口80重定向到pod的端口80。在DNS中发布节点IP,就可以设置了。

通常像这样向外界公开服务是一个非常非常糟糕的主意,因为将所有流量传递给服务的单个节点将承受不均衡的负载,并且成为单点故障。不过,这种考虑不适用于单节点群集,因此请注意,LoadBalancer和Ingress是执行您要查找的内容的容错方法,NodePort最适合这种极端情况。